static uids/gids and (not) using fedora-usermgmt

Axel Thimm Axel.Thimm at ATrpms.net
Wed Aug 6 22:14:06 UTC 2008 

Hi,

On Thu, Aug 07, 2008 at 09:44:35AM +1200, Martin Langhoff wrote:
> 2008/8/7 Axel Thimm <Axel.Thimm at atrpms.net>:
> > I would strongly recommend against it. IIRC correctly the tool was
> > even banned from EPEL
> 
> Thanks for the heads up.
> 
> > I think the right way to do this is to see the different needs between
> > the general Fedora space and OLPC: Fedora wants to reserve as few as
> > possible *static* uids/gids (e.g. officially stamped onto every Fedora
> > system) because this resource is rather sparse.
> 
> That is ok with me - I was hoping to find a listing of static uids
> without grepping cvs manually, aiming to find a safe gap below 500
> that OLPC could use for its deployments.
> 
> As much as possible I want to have static IDs on OLPC XS deployments
> to have max consistency across XSs in the same region. A minor
> package-installation-order difference should not lead to different
> IDs.

The best way to deal with this is to preload the uid/gids in place
before any package gets installed. The current official guidelines are
written with this in mind, see also

https://fedoraproject.org/wiki/Packaging/UsersAndGroups

where this is briefly discussed. E.g. maybe OLPC only needs an
extended setup package (the package's name is indeed "setup") where
some key uids/gids are set and thus globally the same even if Fedora
as upstream may be assigning them dynamically.

You would only run into trouble if Fedora ever decides to statically
assign any of the uids/gids itself to a different uid/gid, which is
rather unlikely.

In a nutshell: the guidelines (that are not yet followed by all
packages, there is always a lead-time to let a guideline sink in)
ensure that you can have both dynamic assignment and a preset static
one with the same package, even w/o having to rebuild the package.

> Now, that practice will make OLPC packages unacceptable to Fedora
> proper - this is more important to me. However, using fedora-usermgmt
> seemed like a way to satisfy both. If it's blackballed from Fedora,
> then I'm back to square one.

Actually the long flamewars on it has led to a stale situation -
fedora-usermgmt was never accepted into the Fedora canon as a packaging
guideline, but also not officially banned either.

But the URL I gave you above is the official vote to a guideline from
the FPC, ATM it doesn't get any more official.
-- 
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080807/856d4bda/attachment.sig>

More information about the fedora-devel-list mailing list